Privacy policy

Last updated: 2026-05-28

This policy explains what data MySecretCart collects, why, and what we do with it. We try to keep this in plain English. The rules below comply with GDPR (EU), CCPA (California), and PIPEDA (Canada).

What we collect

  • Account info — email, display name, optional phone number, profile photo. Used to identify you and let your circle find you.
  • Wishlist data — the products you save, the lists you create, the notes you add. Used to power the app.
  • Connection data — who you've added to your circle, their accepted invites. Used to share lists with the right people.
  • Click data — when you click a "Buy at retailer" link, we record the click (wish, retailer, time, session id). Used to track affiliate commission attribution.
  • Device data — IP address (for security), user agent, push notification token (if you opt in). Used for app functionality and security.
  • Cookies — a session cookie for sign-in, a consent cookie for your privacy preferences. No third-party advertising trackers.

What we never do

  • We never sell or rent your personal data.
  • We never share your email with third parties for marketing.
  • We don't use third-party advertising trackers (no Meta Pixel, no Google Ads tracking).
  • We don't read your messages or chats with co-gifters beyond what's required for moderation.

Who can see your wishlist

Your wishlist is visible only to people you've accepted into your circle. The exceptions:

  • Lists you've explicitly marked Public are visible at mysecretcart.com/u/[your-handle] to anyone with the link.
  • Saved products at mysecretcart.com/p/[slug] are public so they can be shared.
  • Lists marked Private are visible only to you.

Your rights

  • Access — request a copy of your data by emailing hello@mysecretcart.com.
  • Delete — delete your account from Profile → Delete my account (at the bottom of the page). All wishlist + connection data is removed within 30 days.
  • Correct — edit any profile field at any time on the Profile page.
  • Object — opt out of notification emails via the unsubscribe link in any email, or by emailing hello@mysecretcart.com.

Children

MySecretCart is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.

Changes

If we make material changes to this policy, we'll notify you by email and post a banner on the site for 30 days.

Contact

Privacy questions: hello@mysecretcart.com. EU residents have the right to lodge a complaint with their local Data Protection Authority.